Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by alivecor
CVE-2022-40703 (GCVE-0-2022-40703)
Vulnerability from nvd – Published: 2022-10-26 20:02 – Updated: 2025-04-16 16:08
VLAI
Summary
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior
on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AliveCor | Kardia App |
Affected:
0 , ≤ 5.17.1-754993421
(custom)
|
Date Public
2022-10-25 18:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:49:36.169357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:08:38.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Kardia App",
"vendor": "AliveCor",
"versions": [
{
"lessThanOrEqual": "5.17.1-754993421",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Carlos Cilleruelo Rodr\u00edguez"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Javier Junquera S\u00e1nchez"
}
],
"datePublic": "2022-10-25T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e5.17.1-754993421 and prior\u003c/span\u003e\n\n on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app."
}
],
"value": "CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version\u00a05.17.1-754993421 and prior\n\n on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T20:02:06.819Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-40703",
"datePublished": "2022-10-26T20:02:06.819Z",
"dateReserved": "2022-09-29T14:09:27.500Z",
"dateUpdated": "2025-04-16T16:08:38.405Z",
"requesterUserId": "bc31a57b-b1a5-40e2-9263-67c0ae8a3b8a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40703 (GCVE-0-2022-40703)
Vulnerability from cvelistv5 – Published: 2022-10-26 20:02 – Updated: 2025-04-16 16:08
VLAI
Summary
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior
on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.
Severity
5.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-302 - Authentication Bypass by Assumed-Immutable Data
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AliveCor | Kardia App |
Affected:
0 , ≤ 5.17.1-754993421
(custom)
|
Date Public
2022-10-25 18:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40703",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T15:49:36.169357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T16:08:38.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Kardia App",
"vendor": "AliveCor",
"versions": [
{
"lessThanOrEqual": "5.17.1-754993421",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Carlos Cilleruelo Rodr\u00edguez"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Javier Junquera S\u00e1nchez"
}
],
"datePublic": "2022-10-25T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e5.17.1-754993421 and prior\u003c/span\u003e\n\n on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app."
}
],
"value": "CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version\u00a05.17.1-754993421 and prior\n\n on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302 Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-26T20:02:06.819Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-40703",
"datePublished": "2022-10-26T20:02:06.819Z",
"dateReserved": "2022-09-29T14:09:27.500Z",
"dateUpdated": "2025-04-16T16:08:38.405Z",
"requesterUserId": "bc31a57b-b1a5-40e2-9263-67c0ae8a3b8a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}